
Re: Different CN's for DN and CN.

On Mon, Mar 17, 2003 at 10:53:30AM +0000, Andrew McCall wrote:

> Here is how a typical entry would look :
> dn: cn=myname, ou=people, dc=sws, dc=oldham, dc=uk, dc=net
> cn: My Name
> sn: Primary School
> ...
> ... etc.

It has already been pointed out that you need an attribute 'cn' that
has the same value as the 'cn' in the DN. It is worth noting that 'cn'
is a multi-valued attribute, so it would be quite OK to do this:

dn: cn=myname, ou=people, dc=sws, dc=oldham, dc=uk, dc=net
cn: My Name
cn: myname

Or this:

dn: cn=My Name, ou=people, dc=sws, dc=oldham, dc=uk, dc=net
cn: My Name
uid: myname

> Everything works, but it just makes our naming convention a little
> difficult to maintain, I am planning on changing the DN to hold the UID
> rather than the CN, but some entries don't have a UID, so it means that
> I will have a mixture of DN's with UID's and DN's with CN's.

That should not be a problem really. Remember that you can always
locate the entry you want by specifying a search that hits one entry
uniquely, so a search for 'uid=it273' would return the right entry
whatever its DN.

Another important point: in your example you have the line:

> sn: Primary School

This seems to be re-using the Surname attribute to store something
that is clearly not a surname. Such re-use is not a good idea, as it
will confuse users and user agents alike. This will cause trouble in
the future if you ever try to use your directory for more than one

If there is no attribute that already describes your data, then you
should define a new one. It is not hard, though you should take care
to obtain a globally-unique OID for the purpose. You will need to
define an AUXILIARY objectclass that permits your new attribute to
appear in entries, and add that to the list of classes on each object
you create. See below for an example schema fragment.

Similarly, don't re-use one class of object to store something
different just to avoid defining a new class. i.e. don't use a Person
object to store details about a school - this should be an
organization object, possibly with add-on AUXILIARY classes of your

|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |

# This example is a simple attribute that records what sort of
# spam checking is required in the mail system.

# Note that 1.2.826.0.1.3458854 is a unique OID assigned to
# Skills 1st Ltd, under which I define other OIDs as needed.
# You should obtain your own unique OID to avoid clashing with
# other people's work

attributetype ( 1.2.826.0.1.3458854.
        NAME 'vdmSpamCheck'
        DESC 'The type of spam checking required by this user'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

# Here is a simple object class that will permit vdmSpamCheck
# attributes to be added to entries

objectclass ( 1.2.826.0.1.3458854.
        NAME 'vdmAccount'
        DESC 'Account in the Virtual Domain Manager system'
        SUP top AUXILIARY
        MAY     ( vdmSpamCheck ) )
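
Added example (not part of the original message): a short Python check for the naming rule discussed above, that the value used in an entry's RDN must also appear as a value of that attribute in the entry. The sample LDIF is constructed from the entries in the message; the function names are this example's own, and the parser assumes plain LDIF with no base64 values or folded lines.

```python
import re

# Constructed sample input: the three entries discussed in the message.
SAMPLE_LDIF = """\
dn: cn=myname, ou=people, dc=sws, dc=oldham, dc=uk, dc=net
cn: My Name
sn: Primary School

dn: cn=myname, ou=people, dc=sws, dc=oldham, dc=uk, dc=net
cn: My Name
cn: myname

dn: cn=My Name, ou=people, dc=sws, dc=oldham, dc=uk, dc=net
cn: My Name
uid: myname
"""

def norm(value):
    # Approximation of case-insensitive matching: trim, fold case, collapse spaces.
    return " ".join(value.split()).casefold()

def parse_entries(ldif):
    """Yield (dn, {attr: [values]}) for plain LDIF (no base64, no folded lines)."""
    for block in re.split(r"\n\s*\n", ldif.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.strip().lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if dn:
            yield dn, attrs

def rdn_pairs(dn):
    """Return [(attr, value)] for the leftmost RDN; '+' joins multi-valued RDNs."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]  # split on unescaped comma
    avas = (ava.partition("=") for ava in re.split(r"(?<!\\)\+", rdn))
    # Undo simple backslash escapes such as "\," (hex escapes are not handled).
    return [(a.strip().lower(), re.sub(r"\\(.)", r"\1", v.strip())) for a, _, v in avas]

def missing_naming_values(ldif):
    """Return [(dn, attr, value)] for every RDN value absent from its entry."""
    return [(dn, attr, value)
            for dn, attrs in parse_entries(ldif)
            for attr, value in rdn_pairs(dn)
            if norm(value) not in {norm(v) for v in attrs.get(attr, [])}]

if __name__ == "__main__":
    print(missing_naming_values(SAMPLE_LDIF))
```

Only the first sample entry is reported: its RDN is cn=myname but the entry holds no cn value of myname. The two corrected forms from the reply pass.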